NHS cybersecurity flaws revealed by news investigation

An investigation by Sky News has revealed some worrying stats concerning how the NHS is protecting its data online.

According to the news channel, seven NHS trusts, serving more than two million people, spent nothing on cybersecurity in 2015. The investigation also found that the average annual spend for an NHS trust was £23,040, although six trusts spent at least £100,000. In all, 45 trusts were unable to specify their cybersecurity budget.

The information was obtained by Sky News using a Freedom of Information request to which 97 trusts responded.

Further investigation found that trusts are increasingly suffering from personal data breaches: the number of breaches rose from 3,133 in 2014 to 4,177 last year. Cyber incidents are also accounting for more of those breaches, rising from eight in 2014 to 60 last year.

 

Serious flaws

Security firm Hacker House, which was invited to work on the investigation with Sky News, also revealed some serious flaws in NHS Trust cybersecurity. These included misconfigured email servers and outdated software and security certificates.

Commenting to Sky News, Jennifer Arcuri, co-founder of Hacker House, said: “I would have to say that the security across the board was weak for many factors. Out of date SSLs, out of date software; it was very clear that you could bypass any number of these trusts just by doing the right recon online.

“So, if I was an adversary looking to get into any of these trusts or take advantage or change, manipulate or send communications on behalf of a doctor, I could, just because the information was already there.”

 

Bad week

The investigation caps an already troubled few weeks for the NHS when it comes to its digital performance. Two NHS trusts in Lincolnshire were recently forced to cancel operations after a virus infected their computer systems, and NHS email was brought to a standstill after a member of staff sent a message to every listed NHS address.

NHS Digital said this was the result of a technical bug in the supplier’s system and was not the fault of an individual member of NHS staff.

Any response from the NHS to the Sky News investigation will be reported here.
